There is an interest in employing cash alternatives in a variety of environments. Such cash alternatives can include, for example, payment devices such as payment cards and the like. Indeed, devices, such as electronic devices, and particularly electronic payment devices (for example, so-called “smart cards”) may be useful for a variety of payment and other applications.
One global payment industry standard is set forth in the EMV standards, discussed further below, which define the interaction between smart cards and smart card processing devices for financial transactions. There are standards based on ISO/IEC 7816 for contact cards, and standards based on ISO/IEC 14443 for contactless cards. MasterCard PayPass® is a “contactless” payment feature based on the ISO/IEC 14443 standard and the EMV contactless specifications that provides cardholders with a way to pay by tapping a payment card or other payment device, such as a phone or key fob, on a point-of-sale terminal reader. MasterCard PayPass® includes the MasterCard PayPass® M/Chip and MasterCard PayPass® Mag Stripe specifications. The latter is one example of a specification that allows chip payments (in particular, contactless chip payments) to use authorization networks (proprietary and shared) that presently only support magnetic stripe authorizations for credit or debit applications. PayPass® is a registered mark of, and the PayPass® specifications are available under license from, MasterCard International Incorporated of Purchase, N.Y., USA.
Modern chip-based payment cards or payment devices commonly employ a dynamic cryptogram generated by the card or other device for electronic detection and/or prevention of counterfeit fraud. In some cases (e.g., MasterCard PayPass® M/Chip using combined data authentication) the cryptogram can be validated offline by the terminal, but in others (e.g., MasterCard PayPass® Mag Stripe), the only place it can be validated is at the issuer host (usually during online authorization). Transit smart cards typically support some form of offline authentication (e.g. shared secret key). Remote authentication devices such as RSA SecureID support online authentication.
Under some circumstances it is desirable that a merchant be able to accept cards and/or devices where the merchant is unable to secure an online authorization response. One non-limiting example of such circumstances is in the transit environment. For example, US Patent Publication 2008/0033880 of Fiebiger et al. (now U.S. Pat. No. 8,584,936), assigned to MasterCard International Incorporated, published 7 Feb. 2008, and entitled “Techniques for Authorization of Usage of a Payment Device,” indicates that it may be desirable, in a transit environment, to provide a rapid decision regarding transit access, such as in a time averaging less than 200 milliseconds (ms). This requirement generally renders online authorization impracticable.